From e2523424cc41ba261b92b63866eb0b3d608bff54 Mon Sep 17 00:00:00 2001
From: drywheattoast
Date: Wed, 9 May 2012 15:03:59 -0500
Subject: [PATCH] Fixes bug with SignedDocument#validate_doc calling this method more than once would result in an exception being thrown because the signature node is removed from the root document in the first invocation. this node is being stored in an attr_accessor because subsequent calls to the #validate_doc method need it to function properly.
---
 lib/xml_security.rb | 10 ++++++----
 test/xml_security_test.rb | 6 ++++++
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/lib/xml_security.rb b/lib/xml_security.rb
index 28fbda38d..cb46684d2 100644
--- a/lib/xml_security.rb
+++ b/lib/xml_security.rb
@@ -36,7 +36,7 @@ module XMLSecurity
 class SignedDocument < REXML::Document
 DSIG = "http://www.w3.org/2000/09/xmldsig#"
- attr_accessor :signed_element_id
+ attr_accessor :signed_element_id, :sig_element
 def initialize(response)
 super(response)
@@ -73,9 +73,11 @@ def validate_doc(base64_cert, soft = true)
 inclusive_namespaces = prefix_list.split(" ")
 end
- # remove signature node
- sig_element = REXML::XPath.first(self, "//ds:Signature", {"ds"=>DSIG})
- sig_element.remove
+ # store and remove signature node
+ self.sig_element ||= begin
+ element = REXML::XPath.first(self, "//ds:Signature", {"ds"=>DSIG})
+ element.remove
+ end
 # check digests
 REXML::XPath.each(sig_element, "//ds:Reference", {"ds"=>DSIG}) do |ref|
diff --git a/test/xml_security_test.rb b/test/xml_security_test.rb
index 7cb0c43b9..48e1a1f63 100644
--- a/test/xml_security_test.rb
+++ b/test/xml_security_test.rb
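Review bot: `attr_accessor :sig_element` in the first hunk also generates a public `sig_element=` writer, so any code holding the document can replace the signature node that `validate_doc` later checks digests against. The commit message only needs the node to survive between calls, and a reader is enough for that: `attr_reader :sig_element` here, with `validate_doc` assigning `@sig_element ||= begin` instead of `self.sig_element ||= begin`. That keeps the cached verification state from being set outside the validation path.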
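Review bot: An unsigned document still crashes in the new `begin` block of the second hunk: `REXML::XPath.first` returns nil when no `ds:Signature` is present, and `element.remove` then raises NoMethodError instead of failing validation, even with `soft = true`. Unless a guard earlier in `validate_doc` rules this out (the method starts and ends outside the hunk), check the lookup before removing, e.g. `return false if element.nil? && soft` followed by `raise Onelogin::Saml::ValidationError.new("No Signature element found") if element.nil?`. The block also relies on `remove` returning the element; ending it with a bare `element` line would make the cached value explicit. The cached node is the first `//ds:Signature` match anywhere in the document, so it is worth confirming elsewhere in the method that this signature covers the element the caller goes on to trust.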
@@ -19,6 +19,12 @@ class XmlSecurityTest < Test::Unit::TestCase
 @document.validate_doc(@base64cert, false)
 end
 end
+
+ should "not raise an error when softly validating the document multiple times" do
+ assert_nothing_raised do
+ 2.times { @document.validate_doc(@base64cert, true) }
+ end
+ end
 should "should raise Fingerprint mismatch" do
 exception = assert_raise(Onelogin::Saml::ValidationError) do
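Review bot: `assert_nothing_raised` only proves that no exception escapes, so the new test would still pass if the second soft call returned a different verdict than the first, which is the outcome that matters for a signature check. Capture both results and compare them, e.g. `results = Array.new(2) { @document.validate_doc(@base64cert, true) }` then `assert_equal results.first, results.last`. The expected value itself depends on the fixture, which is set up outside the hunk. A second case calling twice with `soft = false` would cover repeated validation on the raising path as well.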